Embed Size (px)
Citation preview
Page 1 of 54
ISSAI 5700 The International Standards of Supreme Audit Institutions, ISSAI, are issued by the
International Organization of Supreme Audit Institutions, INTOSAI. For more information visit www.issai.org
I N T O S A I
Guideline
for the Audit of
Corruption Prevention
Bonn, September 2016
Page 2 of 54
INTOSAI General Secretariat - RECHNUNGSHOF
(Austrian Court of Audit)
DAMPFSCHIFFSTRASSE 2
A-1033 VIENNA
AUSTRIA
Tel.: ++43 (1) 711 71 • Fax: ++43 (1) 718 09 69
E-MAIL: [email protected];
WORLD WIDE WEB: http://www.intosai.org
I N T O S A I
EXPERIENTIA MUTUA
OMNIBUS PRODEST
EXPERIENTIA MUTUA
OMNIBUS PRO DEST
INTOSAI Professional Standards Committee
PSC-Secretariat
Rigsrevisionen • Store Kongensgade 45 • P.O. Box 9009 • 1022 Copenhagen K • Denmark
Tel.:+45 3392 8400 • Fax:+45 3311 0415 •E-mail: [email protected]
Page 3 of 54
1
Table of contents 2
0 Introduction 5 3
1. The Necessity of Combating Corruption 6 4
1.1 The Concept of Corruption 6 5
1.2 Causes of Corruption 11 6
1.3 Cost of Corruption 12 7
1.4 The Role of the SAI in the Fight against Corruption 14 8
1.5 Laws and regulations 16 9
2 Components of Corruption Prevention Systems 17 10
2.1 Anti-Corruption Organizational Culture 18 11
2.2 Objectives/Strategy 19 12
2.3 Organizational responsibility for corruption prevention 20 13
2.4 Risk assessment and risk analysis (Risk management) 22 14
2.5 Anti-Corruption Program (Modules of corruption prevention) 26 15
2.5.1 Prevention of Corruption 27 16
2.5.1.1 Appropriate framework of standards and regulations 27 17
2.5.1.2 Code of Ethics 28 18
2.5.1.3 Appropriate Human Resources (HR) - Management 31 19
2.5.1.4 Internal control 35 20
2.5.1.5 Use of e-government 39 21
2.5.2. Detection of Corruption 39 22
2.5.2.1 Whistleblowing Mechanism 39 23
2.5.2.2 Internal audit 40 24
2.5.3 Reaction to corruption 42 25
2.6 Communication - Reporting 44 26
Page 4 of 54
2.6.1 Reporting to institutions outside the auditee’s body (SAI, parliament, IG, prosecutors) 44 1
2.6.2 Gathering and disseminating information from internal and external sources 45 2
2.6.3 Communications 46 3
2.6.4 Written plan on institutional communication 47 4
2.6.5 Effective internal communication 48 5
2.6.6 Effective external communication 49 6
2.6.7 Report issuing 50 7
2.7 Monitoring and modification 51 8
2.7.1 Permanent monitoring process 51 9
2.7.2 Analysis of lessons learned 52 10
3. Additional aspects 53 11
3.1 Cooperation with other institutions involved in fighting against corruption 53 12
3.2 Cooperation between Supreme Audit Institutions (SAIs) 53 13
3.3 Appointment of Government agency 54 14
15
Page 5 of 54
0 Introduction 1
This guideline is designed to help SAI auditors in preparing and conducting the audit of anti-2
corruption policies and procedures in government organizations within the scope of their mandate. 3
It highlights anti-corruption policies, structures and processes in these organizations and can be 4
used as an audit tool by the auditors. It may, however, also be used by the auditees (such as 5
government departments, government institutions etc.) as guidance for implementing and carrying 6
out their own anti-corruption-activities. Those SAIs that do not have a mandate to conduct 7
performance audits can use this guideline for internal purposes. 8
The guideline assumes the reader is aware of general and specific audit methodology and 9
procedures applicable to this area of audit as set out in ISSAIs, ISAs, audit manuals, and other 10
relevant auditing standards and guidance. Given the enormous amount of information widely 11
available on the subject, this guidance is not intended to be final or exhaustive but rather to explain 12
and illustrate the relevant features and to present practical solutions for SAI auditors. 13
The guideline covers key areas of anti-corruption structures and procedures that may be found in 14
government organizations. It also describes the setting up of anti-corruption-structures, the 15
approaches for risk assessment and risk analysis and monitoring processes. The main emphasis is 16
placed on the modules of an effective anti-corruption organization such as the delimitation of 17
duties, job rotation, role of internal review, human capital including raising awareness and training 18
of employees. 19
This guideline does not cover fraud investigations, although some SAIs have investigative units. In 20
most cases the SAI does not lead an investigation since it does not possess adequate knowledge or 21
resources to do so. The investigative authorities may even ask the SAI to stop carrying out audit 22
work in the area concerned so as not to jeopardize the findings of the investigation team. The SAI, 23
however, may also be asked to cooperate and even work alongside the investigative team. The fraud 24
and corruption investigation actively seeks out cases of deception and hidden figures and is not 25
concluded before it has gathered sufficient evidence on the extent and financial impact of the 26
problem. 27
One of the key issues, which has been known for years among scientists and practitioners of public 28
management, is the need to ensure institutional balance (transaction cost theory). There is no 29
possibility of effective implementation of formal institutions, such as anti-corruption law, without 30
concurrent changes of informal institutions, as well as convincing citizens of the need to make 31
changes in order to effectively fight corruption. 32
Page 6 of 54
The authors of the guideline have covered this concept in the first part of the guideline that provides 1
general information about the phenomenon of corruption. This guideline is not only a kind of anti-2
corruption methodology, where risk-based principles and procedures are discussed, but is also 3
intended to help readers understand the importance of the fight against corruption. Therefore, in the 4
first part of the guideline that is directed towards representatives of public institutions around the 5
world, the authors have decided to gather general information about the phenomenon of corruption, 6
its causes and consequences. 7
8
1. The Necessity of Combating Corruption 9
1.1 The Concept of Corruption 10
Before discussing how to reduce corruption, it is worth mentioning why the issue of corruption is 11
essential to public management, and how corruption is related to public governance. The term 12
governance is generally used to encompass all aspects of the way a country, corporation, or other 13
entity is governed. Good governance is a precondition for the sustainable development of societies 14
and regions. This means competent public management of a country’s resources and public tasks in 15
a manner that is right, transparent, accountable, equitable and responsive to people’s needs. 16
Corruption is a narrower concept than governance as it is often defined as the abuse of public 17
authority or trust for private benefits. These two concepts are closely linked, where there is poor 18
governance, there are greater incentives and more scope for corruption. Thus, the promotion of 19
good governance helps to combat corruption. It also complements efforts that target corruption 20
more directly, such as raising public awareness and strengthening the enforcement of anti-21
corruption legislation. There is also a reverse link: corruption undermines governance to the extent 22
that it distorts policy decisions and their implementation1. 23
The International Monetary Fund's operations and its relations with member states have always 24
been concerned with good governance. But in 1996, the policy-making committee of its Board of 25
Governors added an explicit mandate. In its Declaration on Partnership for Sustainable Global 26
Growth, the Interim Committee stressed, among other things, the importance of "promoting good 27
governance in all its aspects, including by ensuring the rule of law, improving the efficiency and 28
1 The IMF's Approach to Promoting Good Governance and Combating Corruption — A Guide, International Monetary
Fund, Washington D.C. 2005 Retrieved November 2, 2009.
Page 7 of 54
accountability of the public sector, and tackling corruption, as essential elements of a framework 1
within which economies can prosper2". 2
The World Bank also prepared the Worldwide Governance Indicators, and listed six key dimensions 3
of governance as follows: Accountability, Political Stability and Lack of Violence, Government 4
Effectiveness, Regulatory Quality, Rule of Law, and Control of Corruption3. In addition, the 5
Financial Action Task Force, recognizing that corruption and money laundering are intrinsically 6
linked, has developed a reference guide to raise awareness of how its recommendations for 7
combating money laundering can also be used in the fight against corruption4. 8
There is no doubt that corruption can have a major negative impact on economic performance. 9
Corruption can reduce investment and economic growth. It also diverts public resources to private 10
gains and away from needed public spending on education and health. It tends to compress 11
operation and maintenance expenditures while boosting for public investment and defense 12
spending, which are both highly amenable to corruption. By reducing tax revenue, corruption can 13
complicate macroeconomic management, and since it tends to do so in a regressive way, it can 14
accentuate income inequality5. 15
The United Nations Convention against Corruption does not contain a single definition of 16
corruption, but lists several specific types6. There are, however, several “working definitions”. For 17
example, Transparency International defines corruption as “the abuse of entrusted power for private 18
gain”7. The working definition of corruption adopted by the World Bank Group is more oriented to 19
the public sector and reads as follows: “The abuse of public funds and/or office for private or 20
political gain”8. 21
The Civil Law Convention on Corruption by the Council of Europe, defines corruption as 22
2 Communiqué of the Interim Committee of the Board of Governors of the International Monetary Fund, Press Release
Number 96/49, September 29, 1996, International Monetary Fund, Washington, D.C. 3 See: http://info.worldbank.org/governance/wgi/index.asp. 4 Financial Action Task Force, Corruption: A Reference Guide and Information Note on the use of FATF
recommendations to support the fight against corruption, 2010. 5 The IMF's Approach to Promoting Good Governance and Combating Corruption — A Guide, International Monetary
Fund, Washington D.C. 2005 Retrieved November 2, 2009. 6 UNODC, 2004. The United Nations Anti-Corruption Tooklit, 3rd Edition. Available at
www.undoc.org/documents/corruption/publications_tooklit_sep04.pdf, p. 10. 7 Transparency International, Frequently asked questions about corruption. Available at
www.transparency.org/news_room/faq/corruption_faq. 8 Available at www.u4.no/pdf?file=/document/literature/publications_adb_manyfacesofcorruption.pdf.
Page 8 of 54
requesting, offering, giving or accepting, directly or indirectly, a bribe or any other undue advantage 1
or prospect thereof, which distorts the proper performance of any duty or behavior required of the 2
recipient of the bribe, the undue advantage or the prospect thereof9. 3
In terms of how widespread it is, corruption can be divided into individualized corruption – 4
involving a definite number of people, and collective corruption – extending to entire interest 5
groups, leading to dependencies in which the donor becomes the recipient and vice versa. A 6
distinction can also be drawn according to the spheres of state and society in which corruption 7
occurs: in the private sector, at the interface of the private and public sectors, and in the public 8
sector. By adopting an ‘actor-centric’ approach towards giving and accepting corruptive 9
advantages, passive and active corruption can be distinguished. Passive corruption involves the 10
deliberate action by an official, who, directly or through an intermediary, requests or receives 11
advantages of any kind whatsoever, for himself or for a third party, or accepts a promise of such an 12
advantage, to act or refrain from acting in accordance with his duty or in the exercise of his 13
functions in breach of his official duties. Active corruption involves the deliberate action of 14
whoever promises or gives, directly or through an intermediary, an advantage of any kind 15
whatsoever to an official for himself or for a third party in order for him to act or refrain from acting 16
in accordance with his duty or in the exercise of his functions in breach of his official duties10. 17
According to the Criminal Law Convention on Corruption by the Council of Europe, active bribery 18
of domestic public officials is defined as an act committed intentionally by the promising, offering 19
or giving by any person, directly or indirectly, of any undue advantage to any of its public officials, 20
for himself or herself or for anyone else, for him or her to act or refrain from acting in the exercise 21
of his or her functions. Passive bribery of domestic public officials is defined as an act committed 22
intentionally by the request or receipt by any of its public officials, directly or indirectly, of any 23
undue advantage, for himself or herself or for anyone else, or the acceptance of an offer or a 24
promise of such an advantage, to act or refrain from acting in the exercise of his or her functions11. 25
9 see Article 2, Civil Law Convention on Corruption, done at Strasbourg on 4 November 1999,
http://conventions.coe.int/Treaty/EN/Treaties/Html/174.htm 10 Z. Dobrowolski, Trust, Corruption and Fraud [in:] B. Kozuch, Z. Dobrowolski, Creating Public Trust. An
Organisational Perspective, Peter Lang GmbH, Frankfurt am Main 2014, pp. 132-136. 11 Criminal Law Convention on Corruption, see: http://conventions.coe.int/treaty/en/Treaties/Html/173.htm
Page 9 of 54
The concept of corruption could also be referenced to two types, grand and petty corruption. Grand 1
corruption involves substantial amount of money and usually high-level officials. Petty corruption 2
is the corruption that involves smaller sums and typically more junior officials. 3
Among other types of wrongdoing, corruption is associated with nepotism or favoritism, 4
clientelism, cronyism, patronage, graft, bribery, extortion, embezzlement, theft and fraud. Nepotism 5
is defined as providing favors based on consanguinity. It is also defined as favoritism granted to 6
relatives regardless of merit. Favoritism means giving favors based on informal relations or the 7
practice of giving special treatment to a person or group12. The term clientelism refers to a complex 8
chain of personal bonds between political patrons or bosses and their individual clients or followers. 9
These bonds are founded on mutual material advantage: the patron furnishes excludable resources 10
(money, jobs) to dependents and accomplices in return for their support and cooperation (votes, 11
attendance at rallies). The patron has disproportionate power and thus enjoys wide latitude about 12
how to distribute the assets under his control13. 13
By definition, favoritism, nepotism and clientelism all involve abuses of discretion, although a 14
number of countries do not criminalize the conduct (for example, Article 7 of the UN Convention 15
Against Corruption covers merit selection without even mentioning nepotism). Such abuses usually 16
involve not only a direct personal benefit to an official but also promotes the interests of those 17
linked to the official, be it through family ties, a political party, a tribe, or religious group. A corrupt 18
official who hires a relative (nepotism) acts in exchange, not of a bribe but of the less tangible 19
benefit of advancing the interests of others connected to the official. The unlawful favoring of - or 20
discrimination against - individuals can be based on a wide range of group characteristics: race, 21
religion, geographical factors, political or other affiliation, as well as personal or organizational 22
relationships, such as friendship or shared membership of clubs or associations14. 23
Cronyism is showing partiality to long-standing friends, especially by appointing them to positions 24
of authority, regardless of their qualifications. Patronage is the support, encouragement, privilege, 25
or financial aid that an organization or individual bestows upon another. In some countries the term 26
12 The American Heritage New Dictionary of Cultural Literacy, Third Edition. Houghton Mifflin Company, 2005. 10
Aug. 2009, http://www.thefreedictionary.com/favouritism. 13 D.W. Brinkerhoff, A.A. Goldsmith, Clientelism, Patrimonialism and Democratic Governance: An Overview and
Framework for Assessment and Programming. Prepared for U.S. Agency for International Development Office of
Democracy and Governance, under Strategic Policy and Institutional Reform, Abt Associates Inc., Bethesda 2002, p. 2. 14 United Nations Handbook on Practical Anti- Corruption Measures for Prosecutors and Investigators, op.cit., p. 28.
Page 10 of 54
is used to describe political patronage, which is the use of state resources to reward individuals for 1
their electoral support. Although in some countries patronage systems are legal, the term may refer 2
to a type of corruption or favoritism in which a party in power rewards groups, families, ethnicities 3
for their electoral support using illegal gifts or fraudulently-awarded appointments or government 4
contracts. 5
Graft is a form of political corruption that can be defined as an unscrupulous use of a politician's 6
authority for personal gain. Most governmental systems have laws in place to prevent graft although 7
this does not always halt political corruption. Bribery is the act of conferring a benefit in order to 8
improperly influence an action or decision. It can be initiated by an official who asks for a bribe or 9
by a person who offers to pay one. Bribery is probably the most common form of corruption. 10
Definitions or descriptions appear in several international instruments, in the domestic laws of most 11
countries as well as in academic publications. Typically, it is used to describe a payment extracted 12
by a public official from an unwilling member of the public before the citizen can receive the 13
service to which he or she is entitled. Strictly speaking, such a transaction is not one of a “bribe” 14
being given by an accomplice in corruption, but a “payment being extorted” from an unwilling 15
victim15. 16
The "benefit" conferred by a “bribe” can take a variety of forms: cash, company shares, inside 17
information, sexual or other favors, entertainment, employment or, indeed, the mere promise of a 18
benefit in the future (such as a job on retirement). 19
The Criminal Law Convention on Corruption by the Council of Europe defines bribery associated 20
with the phenomenon of corruption, namely: active or passive bribery.16 21
In the context of corruption, embezzlement, theft and fraud all involve stealing by an individual 22
exploiting his or her position of employment. In the case of embezzlement, property is taken by 23
someone to whom it has been entrusted (e.g. a pay clerk). Fraud involves the use of false or 24
misleading information to induce the owner of the property to part with it voluntarily. "Theft", per 25
se, goes well beyond the scope of any definition of corruption. However, “embezzlement” - 26
essentially the theft of property by someone to whom it was entrusted - is universally regarded as 27
15 United Nations Handbook on Practical Anti- Corruption Measures for Prosecutors and Investigators, op.cit., p. 24. 16 The Criminal Law Convention on Corruption, Strasbourg, 27 January 1999, Articles: 2, 3, 7, 8 of the Convention.
Page 11 of 54
falling within corruption definitions wherever it occurs, carrying with it, as it does, a breach of a 1
fiduciary duty17. 2
3
1.2 Causes of Corruption 4
Flaws of human nature are mentioned among the causes of corruption. The urge to enrich one 5
quickly by dishonest means makes this phenomenon persistent in any society, regardless of a 6
political system. The tolerance for corrupt behavior may not only have a cultural, but also a 7
historical background. For instance, the absence of one’s own national state may generate a 8
disregard for legal norms, perceived as rules imposed by the occupying power. This, in turn, can 9
translate into a generalized disregard for legal norms, and – more broadly – for ethical standards. In 10
addition, some mistakes of state economic policies may catalyze corruption. For instance, in the 11
circumstances of a shortage economy, with mismatched supply and demand, a desire to get some 12
consumer goods may generate corrupt behavior18. 13
Several studies have identified three common characteristics (Fraud Triangle model) that may have 14
an impact on the conduct of a corrupt or fraudulent person19: 15
Incentive/pressures: The need a corrupt person is trying to satisfy by committing a dishonest 16
act. 17
Opportunity: The ability of the corrupt person to act dishonestly due to his/her position. 18
Rationalization: The corrupt person’s ability to justify the act in his/her mind. 19
20
In a market economy, corruption may be encouraged by the existing legal and organizational 21
regime which may restrict the freedom of business, by imposing restrictions on business 22
transactions. These restrictions may give rise to secret agreements, various informal groups, which 23
can affect the existing society system20. Such agreements can occur in various societies with 24
different cultures. It is worth noting at this point that an act considered to be a corrupt practice in 25
17 United Nations Handbook on Practical Anti- Corruption Measures for Prosecutors and Investigators, op.cit., p. 26. 18 Z. Dobrowolski, Trust, Corruption and Fraud [in:] B. Kozuch, Z. Dobrowolski, Creating Public Trust. An
Organisational Perspective, Peter Lang GmbH, Frankfurt am Main 2014, pp. 129-130. 19 Dr. Donald Cressay; Criminal Organization: Its Elementary Forms, 1972 20 Z. Dobrowolski, Trust, Corruption and Fraud [in:] B. Kozuch, Z. Dobrowolski, Creating Public Trust. An
Organisational Perspective, Peter Lang GmbH, Frankfurt am Main 2014, pp. 129-130
Page 12 of 54
one community may not necessarily fit into such classification adopted in another community. A 1
gratuity offered to an official after he or she has completed a task may – for some – be a sign of 2
corruption (establishing a “climate” for successful completion of other affairs in future), and for 3
others – only an expression of gratitude acceptable in the culture21. 4
In considering the reasons why the corrupting party pays bribes, the following factors can be 5
distinguished: 6
access to restricted goods, for instance contracts, licenses, permits, real property in attractive 7
city districts, 8
access to information, for instance on the contractual terms and conditions, on a bill of 9
quantities with prices, on the activities planned by decision-makers, 10
favorable treatment of some matter, which allows avoiding or cutting some costs, depriving 11
other entities of some benefits22 12
In light of what has been discussed so far, corruption develops when the freedom to do business is 13
restricted, there is excessive discretion in decision-making, little or no accountability of decision-14
makers, inefficient control system, lack of transparency in the activities of institutions using public 15
funds or property23.. 16
17
1.3 Cost of Corruption 18
Corruption generates costs. However, the problem with corruption is that unlike other crimes, those 19
that are victims of corruption are often not directly linked, either in place or in time, with the 20
corrupt activities. There are, however, some estimates of overall bribes paid worldwide. Corruption 21
alone is estimated to cost the EU economy EUR 120 billion per year, just a little less than the 22
annual budget of the European Union24. Furthermore corruption has more far-reaching and 23
damaging serious corruption problems and two in three worldwide suffer from corrupting25 24
21 Ibidem. 22 Ibidem. 23 Anticorruption in Transition: A Contribution to the Policy Debate, World Bank, Washington D.C. 2000 (reproduced
typescript), pp. XV-XVII. 24 Report from the Commission to the Council and the European Parliament, EU Anti-Corruption Report, COM (2014)
38 Final 25 Corruption Perceptions index 2015; Transparancy international.
Page 13 of 54
consequences for society and the economy as a whole as is evident based on such estimates. For 1
instance, the money looted usually leaves the country and is thus not accessible there anymore for 2
other productive or redistributive purposes. Also, the possibility to extort bribes biases the 3
incentives for government officials and has detrimental effects on overall governance, and thus on 4
the quality and the availability of public services. Bribes and embezzlement are just two aspects of 5
this corruption. Non-monetary and monetary effects of favoritism and nepotism as well as fraud 6
(e.g. the manipulation or falsification of information) have to be added to the picture26. 7
Corruption negatively affects productivity and deters investments. One of the reasons for this is 8
because the effects of corruption are comparable to a tax on investments. A firm wishing to make an 9
investment has to take into account the unpredictable costs of bribery for setting up and operating a 10
business27. 11
Environmental quality also suffers from corruption, and corruption undermines effectiveness of 12
environmental policies. Indeed, pollution may increase due to a less effective environmental 13
regulation which can be circumvented through bribes28. 14
Corruption can undermine the system of democracy. First of all, in most countries a social and 15
political consensus has been established that private wealth is subject to a redistributive system to 16
guarantee the provision of public goods and services, and to prevent excessive social inequality, 17
therefore income is taxed. Through bribing tax officials or through tax evasion, corrupt practices 18
undermine the ability of the state to tax private wealth and revenues. Secondly, public expenditures 19
are agreed on in the budget, which is usually approved and determined by parliament, central audit 20
authorities and by civil society and media. But, as already mentioned, corruption distorts the budget 21
towards expenditures offering the highest corrupt opportunities, undermining the democratically 22
desired use of resources and favoring narrow interests over public interest. Finally, corruption may 23
26 Quote from the publication: F. Boehm, J. Joerges, Cost of Corruption: Everyone Pays – And the Poor More that
Others, Deutsche Gesellschaft für Technische Zusammenarbeit (GTZ) GmbH, Division State and Democracy
Supporting the Implementation of the UN Convention against Corruption, Federal Ministry for Economic Cooperation
and Development, Eschborn 2008, p. 2. 27 F. Boehm, J. Joerges, Cost of Corruption.., op.cit., pp. 5-6. 28 H. Welsch, Corruption, Growth, and the Environment: A Cross-Coutry Analysis. Environment and Development
Economics, 2004, Vol.9: 663-93 cited by F. Boehm, J. Joerges, Cost of Corruption.., op.cit., p. 7.
Page 14 of 54
also seek to directly influence the policy making and the rules and regulations of a society, thereby 1
undermining democratic processes as well as the legitimacy of the state29. 2
3
1.4 The Role of the SAI in the Fight against Corruption 4
One of the most important aspects of the SAI’s role in combating corruption is the work it does in 5
strengthening public institutions, which are the elements of the national integrity system. The public 6
institution, within its statutory powers, supports this national integrity system like pillars that 7
support the roof of the building. Sound governance in such a system is based on integrity, 8
transparency and accountability. Taking into consideration that it is much better to prevent than 9
detect corruption, the SAI’s fight against corruption should be multifaceted. It includes, but is not 10
limited to: (1) incorporating corruption and wrongdoing issues in SAI’s routine audit work; (2) 11
heightening public awareness of corruption and other wrongdoing through timely and public 12
disclosure of SAI’s audit findings; (3) improving methods and tools of combating corruption and 13
other types of wrongdoing; (4) providing a means for whistleblowers to report instances of 14
wrongdoing; and (5) cooperating with other institutions in the fight against corruption30. 15
The SAI should analyze corruption phenomena (its occurrence, causes, areas and mechanisms) as 16
appropriate during each audit, and through its audits the SAI should attempt to identify ways to 17
reduce arbitrariness in the application of rules and regulations, simplify administrative procedures, 18
and eliminate unequal access to information. Through SAI’s daily analysis of irregularities 19
identified during audits and analysis of legislation the SAI should attempt to identify the 20
mechanisms that can contribute to corruption. Through its work, the SAI should try to influence the 21
laws and regulations so that they themselves do not encourage corruption. If the SAI makes a 22
decision that a law or a regulation creates a situation that permits or encourages corruption, it makes 23
proposals for change. It is worth noting that when irregularities are identified in an audit, the SAI 24
should recommend corrective measures, although most of SAIs have no executive powers and do 25
not issue legal verdicts. 26
29 Quote from the publication: F. Boehm, J. Joerges, Cost of Corruption.., op.cit., pp. 9-10. 30 Z. Dobrowolski, Corruption and Fraud Prevention [in:] B. Kozuch, Z. Dobrowolski, Creating Public Trust. An
Organisational Perspective, Peter Lang GmbH, Frankfurt am Main 2014, pp 181-185.
Page 15 of 54
By carrying out this comprehensive strategy aimed at combating corruption and other types of 1
wrongdoing, the SAI helps to strengthen the financial management systems of public institutions, 2
knowing that ongoing accountability within the government will create a preventive environment 3
that does not favor corruption and other types of wrongdoing. A strong financial management 4
system incorporates the following: accurate, complete, and timely financial reporting, to include 5
financial statements audited by the SAI or independent auditors and reports on internal controls and 6
compliance with laws and regulations; a reliable system of internal controls; and cost accounting 7
capabilities. A strong financial management system also contributes to and provides a basis for 8
effective performance measurement. Simultaneously the SAI should evaluate internal controls (an 9
important line of defense in preventing wrongdoing) and makes recommendations to strengthen any 10
weaknesses identified31. 11
The SAI should attach great importance to its informational role and heighten public awareness of 12
corruption and other wrongdoing through the timely and public disclosure of its audit findings. 13
Increased public awareness of corruption helps to foster accountability. It is worth noting, however, 14
that in many countries the SAIs have certain information gathering tools for combating 15
wrongdoings and can report on corruption in the public sector. In some countries, SAIs do not have 16
the competences of a police agency or prosecutor office. In the case of a well-founded suspicion of 17
a crime or any offence, the SAI should notify the body called upon to investigate crimes and 18
offences (in instances required by Criminal Law). In some cases auditors may play an important 19
role during criminal prosecutions by being witnesses for the prosecution32. 20
The SAI’s effectiveness and efficiency in the area of wrongdoing detection is the result of its 21
strategy. Therefore the SAI should constantly work in a systematic manner to improve its 22
methodology to identify and combat wrongdoing. The SAI should also increasingly turn its focus 23
on training of its staff, knowing that the success of the fight against wrongdoing depends not only 24
on its audit procedures and tools, but also on having staff with appropriate skills, knowledge, and 25
abilities to identify and assess potential irregularities33. 26
The SAI should create a commitment to individual integrity not only through its own staff. 27
Additionally it should be an institution to which whistleblowers can provide information about 28
31 Ibidem 32 Ibidem 33 Ibidem
Page 16 of 54
suspected or actual wrongdoing in the workplace. Many SAIs have a complaint gathering system. 1
Telephone hotlines and Internet technology are examples of commonly used whistleblowing 2
mechanisms. The efficiency of any whistleblowing system, however, depends not only on the 3
availability of such a solution for citizens, but also on how the system ensures the anonymity of 4
whistleblowers, and the belief of citizens that the information on irregularities in public life, 5
provided by individuals to the authorities of the state are properly used by the authorities. All 6
information gathered from such individuals by an SAI’s complaint system should be transmitted 7
over a secure connection, and the SAI should safeguard all information provided by whistleblowers 8
or others against unauthorized disclosure34. 9
In their efforts to combat corruption SAIs should encourage public organizations to put effective 10
pre-employment screening procedures in place. Such procedures should verify the qualifications, 11
suitability and experience of potential candidates for employment. Specific techniques that should 12
be used include confirmation of educational and professional qualifications, verification of 13
employment background, criminal history searches and credit checks. Such pre-employment 14
screening techniques must, however, be carried out in accordance with appropriate laws and 15
regulations. Screening applicants can reduce the likelihood of individuals with a history of 16
dishonest or fraudulent behavior being given a role within the organization, and is therefore an 17
important corruption prevention procedure35. 18
19
1.5 Laws and regulations 20
Laws and regulations concerning the prevention and fight against corruption, fraud and 21
money laundering should be a part of the legal system of each country. Given the number of 22
countries and SAIs, relevant laws and regulations have not been included or referenced in this 23
guideline. 24
Some countries have individually developed initiatives to combat international corruption. 25
However, only since the latter half of the 1990s, has the international community established 26
a legal framework to strengthen enforcement through cooperation. The main instruments are 27
the following: 28
34 Ibidem 35 Fraud risk management. A guide to good practice, Chartered Institute of Management Accountants,2008, p.35.
Page 17 of 54
The Convention of the United Nations against the Corruption. 1
The Inter-American Convention against corruption, the ICAC, of the Organization of 2
American States, OAS. 3
Civil and Criminal Law Conventions on Corruption by the Council of Europe. 4
The Convention International Anti bribery, of the Organization for Cooperation and 5
Economic Development, OECD. 6
African Union Convention on Preventing and Combating Corruption. 7
It should be pointed out that the mentioned conventions contain the majority of the 8
recommendations made in the various national and international forums to combat 9
transnational corruption such as mutual legal assistance, joint investigations, the prevention 10
and detection of transfers of assets illicitly acquired, measures for the direct recovery of assets 11
and the exchange of information, among others36. 12
13
2 Components of Corruption Prevention Systems 14
According to World Bank anti-corruption approach as well as Robert Klitgaard corruption 15
model efficient fight against corruption requires eliminating monopoly, reducing discretion 16
and promoting transparency and the rule of law. 17
Seven key components have been identified for an effective fight against (and prevention of) 18
corruption: 19
Anti-Corruption Organizational Culture, Objectives/Strategy, Organizational Responsibility, 20
Risk Management, Modules of Corruption Prevention (anti-corruption programme), 21
Communication and Information and Monitoring and Modification. This chapter has been 22
prepared to provide a comprehensive explanation on its relevance and impact to reduce and 23
prevent corruption in government organizations, but it also covers the SAIs’ role establishing 24
guidance on how supreme auditing contributes to corruption prevention. 25
26
36 Statement of Cartagena de Indias "Transparency Against Corruption”.
Page 18 of 54
1
2
3
4
5
6
7
8
Fig. 1: Components of Corruption Prevention Systems, SAI of Austria 9
2.1 Anti-Corruption Organizational Culture 10
It should be pointed out that the design and implementation of an effective anti-corruption 11
preventıon system is a challenge for every institution and it requires the active participation and 12
professional judgment of all public officials so that it constitutes more than an inertial set of steps 13
destined to comply with specific policies and procedures. 14
In this context the role model function of the management of all hierarchical levels is essential for 15
an efficient corruption prevention system. Without the “tone from the top” and the full commitment 16
of the management to a comprehensive approach for the fight against corruption preventive 17
measures are inefficient. 18
The governing bodies and senior management use their expertise and professional judgment to 19
assess the necessary degree of control over integrity. Mid-level management and administrative 20
Page 19 of 54
staff, among other public officials, use their expertise and their professional judgment on a day-to-1
day basis to select, develop and implement the anticorruption controls within their responsibility 2
areas. 3
Likewise, auditors and other bodies in charge of institutional control apply their professional 4
judgment to supervise and evaluate the effectiveness and efficiency of the anticorruption system. 5
Possible indicators for a desirable anti-corruption organizational climate can be: 6
1. The organization demonstrates a commitment to integrity and ethical values. 7
2. The oversight body should oversee the entity’s internal control system. 8
3. Management establishes, with board oversight, structures, reporting lines and appropriate 9
authorities and responsibilities in the pursuit of objectives. 10
4. The organization demonstrates a commitment to attract, develop and retain competent individuals 11
in alignment with objectives. 12
5. The organization holds individuals accountable for their internal control responsibilities in the 13
pursuit of objectives. 14
15
2.2 Objectives/Strategy 16
The first key element for a successful fight against corruption is the establishment of related 17
strategic objectives or priorities. To create a corruption free environment within an 18
organization is a desirable goal but may not always be a realistic objective as in some cases 19
corruption can only be curbed to an acceptable level but not completely extinguished. 20
Derived from a mission statement or vision, the management of an organization has to define 21
long-term organizational objectives or priorities. These objectives have to be consistent with 22
the overall strategy of the organization and must fit the legal and budgetary framework. 23
Typically, such objectives deal with the enhancement of organizational integrity, the 24
strengthening of corruption prevention systems or improvement of the effectiveness and 25
efficiency of such systems. Definite and comprehensive anti-corruption objectives underline 26
the commitment of management in the effort to curb corruption within an organization. 27
Based on this objective or priorities, operational goals have to be defined that underline which 28
impact should be achieved by implementing a comprehensive anti-corruption program. 29
These goals have to be targeted toward the prevention of corruption, realistic, appropriate, 30
time framed and measurable. 31
32
Page 20 of 54
2.3 Organizational responsibility for corruption prevention 1
In some countries, internal control standards require managers to establish an organizational 2
structure, among other actions, to achieve the program’s objectives. In this context, a leading 3
practice is to designate an entity within the structure to design and oversee these activities37. 4
Further if the results of risk analyses or other circumstances warrant, organizational 5
responsibility for corruption prevention within the institution should be clearly assigned. This 6
could be organized within the institution, as a specific anti-corruption unit, as a senior anti-7
corruption officer or externally by other institutions. They shall understand the program and 8
its operations, as well as the anti-corruption risks and controls throughout the program; have 9
defined responsibilities; and be independent and have the right to report directly to the head of 10
the organization. 11
The unit/person for corruption prevention shall be established based on the tasks and size of 12
the organization and it may be responsible for more than one organization. 13
This unit/person may be charged with the following tasks covering the whole organizational 14
activities: 15
serving as a contact for organization staff and management, if needed without having to rely 16
on official channels, along with private persons (the unit/person shall have direct access and 17
may report to top management level (e.g. Head of Organization); 18
being the repository of knowledge on anti-corruption-risks and advising organization 19
management; 20
keeping staff members informed (e.g. by means of seminars, e-learning tools and 21
presentations on a regular basis); 22
assisting with training and having access to all anti-corruption related training sessions; 23
managing the risk assessment process 24
monitoring and assessing any indications of corruption; 25
helping keep the public informed about penalties under public service law and criminal law 26
37 GAO, A Framework for Managing Fraud Risks in Federal Programs, GAO-15-593SP (Washington, D.C., Jul. 28,
2015).
Page 21 of 54
(preventive effect) while respecting the privacy rights of those concerned. 1
If the unit/person becomes aware of facts leading to reasonable suspicion that a corruption 2
offense has been committed, the organization management shall be informed immediately and 3
recommendations shall be made on: 4
Conducting an internal examination, 5
Taking measures to improve transparency 6
Informing the law enforcement authorities (the organization management shall take the 7
necessary steps to deal with this matter) and 8
Reporting deficiencies in the existing corruption prevention systems. 9
The unit/person shall not be delegated any authority to carry out disciplinary measures and shall not 10
lead investigations in disciplinary proceedings for corruption cases. 11
Organizations shall provide this unit/person promptly and comprehensively with any information 12
needed to perform their duties, particularly with regard to incidents of suspected corruption. The 13
organization has the task to support the unit/person for corruption prevention in carrying out their 14
duties (e.g. by setting up special e-mail addresses or providing appropriate resources). 15
Even after completing their term of office, they shall not disclose any information they have gained 16
about staff members’ personal circumstances. They may, however, provide such information to 17
organization management or personnel management if they have a reasonable suspicion that a 18
corruption offence has been committed. Personal data shall be treated in accordance with the 19
principles of personnel records management. 20
The unit/person for corruption prevention is to be formally appointed. This appointment is to be 21
announced in the person’s area of responsibility. If the unit/person for corruption prevention is to be 22
responsible also for implementing the anti-corruption directive of the organization, in particular for 23
heading the independent organizational unit, the relevant organization may formally appoint the 24
unit/person to be its official. 25
Staff members responsible for carrying out security clearance of personnel may not serve as 26
unit/person for corruption prevention. 27
While continuing to perform their duties, the unit/person should work with staff in the internal audit 28
unit and with those responsible for implementing corruption prevention policies. 29
30
Page 22 of 54
2.4 Risk assessment and risk analysis (Risk management) 1
In all government organizations, at regular intervals measures shall be carried out to identify 2
areas of activity especially vulnerable to corruption and as warranted by circumstances. This 3
task may either be performed by external or internal organization. The use of risk analyses 4
shall be considered for this purpose. 5
Risk analyses are to be performed by government organizations on a regular basis and on an 6
ad hoc basis if actual threats materialize to identify and analyze organizational elements or 7
processes that are vulnerable to corruption. Organizations that effectively assess risks try to 8
take into consideration specific risks that the organization or program faces; analyze the 9
potential likelihood and impact of corruption; and ultimately prioritize risks and document 10
these decisions. In addition, the risk assessment process can be used to determine the extent to 11
which controls may no longer be relevant or cost-effective. There is no universally accepted 12
approach for risk assessment; however, they generally involve the following five actions: (1) 13
identifying risks affecting the program, (2) assessing the likelihood and impact of inherent 14
risks38, (3) determining the organization’s risk tolerance (e.g. willingness to accept a certain 15
level of risk of corruption based on the circumstances of the individual programs and other 16
objectives); (4) examining the suitability of existing controls and prioritizing risks; and (5) 17
documenting the program’s risk profile (e.g. summarizing and documenting key findings and 18
conclusions from the prior steps). 19
Specific steps that risk assessments may comprise include 20
evaluation of individual organizational structure, processes and procedures with regard to 21
the risk of corruption; 22
evaluation of audit records; 23
based on this, identification of potential risks (especially for financial fraud, e.g. in financial 24
statements); 25
valuation of potential financial losses and damage to reputation; 26
38.This could also include the consideration of the nature of the risks themselves in the analysis. Even though a risk may
have a small impact or likelihood of occurrence, by its very nature it may be significant to the organization and should
be considered and a response determined.
Page 23 of 54
checking the probability of risks and their consequences; 1
evaluation of internal control systems (e.g. security systems). 2
The results of the risk assessment shall be used to determine any changes in structures, 3
procedures or personnel assignments in order to eliminate the deficiencies identified. 4
The identification and analysis of areas of activity that are especially vulnerable to corruption 5
is a major task to be performed by government organizations. 6
An area of activity vulnerable to corruption is one where the following occurs (by staff, 7
custom or decision): 8
Third parties (individuals, businesses, associations, companies, other institutions) receive 9
material or non-material advantages or are preserved from disadvantages, and 10
Third parties are able to provide staff members with advantages to which they are not 11
entitled by law or collective bargaining agreements. 12
Furthermore, an area of activity associated with any of the following is especially vulnerable 13
to corruption: 14
frequent outside contacts – also in the course of checking and supervisory activities; 15
management of large budgets; 16
awarding of public contracts or subsidies, including the awarding of grants or other funding; 17
imposing of conditions, granting of concessions, approvals, permits, and the like, setting and 18
levying of fees; 19
processing of transactions and operations using internal information not intended for third 20
parties. 21
This applies only if 22
the potential advantage has a significant material or non-material value for third parties 23
or the potential disadvantage to third parties would result in punishment, a threat to their 24
business or to the existence of the affected institution. 25
The need for risk analysis in areas of activity considered especially vulnerable to corruption 26
should in principle be evaluated on a frequent and regular basis, required by significant 27
circumstances (e.g. every one to five years or following organizational or procedural changes 28
or changes in the nature of assigned tasks). In order to identify individual areas vulnerable to 29
Page 24 of 54
corruption, the following two-step procedure is expected to be performed by the government 1
organization: 2
A brief examination of vulnerability to corruption and of the effectiveness of existing 3
safeguards and internal controls (e.g. by examining organizational charts). 4
If a risk analysis is needed: Identify operations which are especially vulnerable to corruption 5
as well as existing safeguards and internal controls (e.g. by means of questionnaires and 6
supplementary interviews). 7
If a need for action is determined, the risk analysis should conclude by recommending and/or 8
ordering additional preventive measures and detective and corrective measures as well. 9
In addition to the items noted above, the following questions may be asked by the 10
organization’s management, anti-corruption unit/person and individual staff members through 11
self-assessment, as well as SAI auditors when auditing whether an activity is vulnerable to 12
corruption: 13
Are there or have there been instances of corruption in the area of activity? 14
Have third parties tried to influence the decisions of a staff member in this area? 15
Does the area manage budget funds or resources? 16
Is the area responsible for contracts, subsidies, funding? 17
Does the area impose conditions, grant concessions or authorizations? 18
Does the area charge fees? 19
Have there been known cases of corruption in comparable areas of activity at other 20
organizations? 21
Does the area of activity follow specifically defined work processes? 22
Is the position associated with special scope for action and discretionary powers? 23
Does the extent of decision-making authority vary depending on the size of contracts or 24
other criteria? 25
Does the area of activity have a final say regarding processing and decision-making? 26
Is there adequate administrative and task-related supervision? 27
Is personal integrity the only barrier to corruption in the area of activity? 28
Page 25 of 54
What in-house control mechanisms are in place? 1
Does the decision-making process provide for the double control by involving more than 2
one official responsible? 3
Do other organizational units also have to approve decisions? 4
Does decision-making ensure transparency, e.g. by means of checking operations, reporting, 5
explicitly designating responsibilities, or supplying accurate and full documentation 6
(minutes, notes, reports, proper record-keeping)? 7
Is the decision-making process required to be transparent even if no consent is needed from 8
a superior or another organizational unit entitled to participate? 9
Is there a requirement that a transparent, written record be kept of the decision-making 10
process, which can be followed by an auditing authority? 11
Are there any known violations of regulations (e.g. budget law, law on public procurement)? 12
Are there any complaints by the SAI or another supervisory authority, e.g. the independent 13
organizational unit for overseeing corruption prevention? 14
Government organizations as well as SAIs should be aware of factors related to increased 15
vulnerability, such as complexity, organizational change / dynamics, management style, 16
working environment and prior integrity incidents39. 17
Also a system of harmonized performance indicators could be established to measure the level 18
of corruption in a country based on transparency, disclosure and effective reporting. 19
Public institutions could perform self-assessments periodically to identify vulnerabilities. 20
IntoSAINT, for example, is a tool used by SAIs but can also be used by other public 21
organizations to self-assess their vulnerability concerning potential integrity breaches. 22
IntoSAINT is targeted at corruption prevention and leads to management recommendations to 23
support the integrity of the organization. It is a ‘qualitative tool’ that enables the user to 24
design a tailor made integrity policy and at the same time increases the integrity awareness of 25
employees. 26
39 Handbook for Self - assesment Integrity IntoSAINT, 2011. SAI of the Netherlands.
Page 26 of 54
The basic principles of IntoSAINT are self-assessment, targeted at prevention, raising general 1
integrity awareness, learning to think in terms of vulnerability and risk, and concrete 2
management reports/action plans. 3
4
2.5 Anti-Corruption Program (Modules of corruption prevention) 5
Based on the results of an entity’s risk assessment, including its risk profile (if this step was 6
taken), the organization should develop and document a strategy for fighting corruption; 7
including identifying specific control objectives and developing and implementing 8
appropriate measures and specific control activities to prevent corruption. 9
A comprehensive and reasonable anti-corruption programme has to be integrated into the 10
overall organizational structure. This programme must focus on three elements: Prevention – 11
Detection – Reaction. 12
13
14 15
16
Page 27 of 54
Fig. 2: Modules of Corruption Prevention, SAI of Austria 1
2
2.5.1 Prevention of Corruption 3
A primary objective for the government is to prevent errors or irregularities from occurring in 4
an organization due to corruption or other misconduct. 5
For the prevention of corruption the following program elements should be considered: 6
Appropriate framework of standards and regulations 7
Code of ethics 8
Appropriate Human Resources management 9
Appropriate internal control system 10
Use of E-government 11
12
2.5.1.1 Appropriate framework of standards and regulations 13
In the past two decades, there have been radical changes in public sector management. 14
Although the issues between developed and developing countries are different, one common 15
theme is how to bolster public management accountability. Key stakeholders such as the 16
public and the legislature have become increasingly interested in how public funds are 17
allocated and spent, as well as how to reduce public spending by limiting costs associated 18
with moral hazard (the risk that the presence of action will affect other parties) and adverse 19
selection (a situation where asymmetric information results in harming other parties). 20
Results-based management attempts to address these issues. Governments around the world 21
should take additional steps to ensure that public service is being performed in an effective 22
manner which will also help further anti-corruption efforts. Results based management has 23
been acknowledged as a successful reform in the developed countries such as United States, 24
New Zealand, Sweden and United Kingdom. 25
Page 28 of 54
In the 2003 United Nation Guide for Anti-Corruption Policies, the United Nation also 1
mentioned the importance of result-based management40. In order to provide a coherent 2
accountability framework, many governments and organizations have adopted results-based 3
management, also known as facts-based management and performance management. 4
Managers who effectively manage corruption and other risks develop and document strategies 5
that describe the organization’s approach for addressing the risks identified in its risk 6
assessment. A compendium of documents, guidelines, regulations and other tools is an 7
essential element of corruption prevention systems. The scope of these documents has to 8
cover all vulnerable areas to corruption in an organization that are ideally identified as the 9
result of a risk analysis. Additionally, the values of an organization have to be emphasized in 10
such documents. 11
Topics for such regulations might be: 12
Secondary employment 13
Conflict of interests 14
Acceptance of gifts or invitations 15
Handling of whistleblowers 16
Handling of restricted information 17
Post-public employment 18
19
In addition, the issue of open government, where citizens have the right to access the 20
documents and proceedings of the government, allows for further effective public oversight 21
and thus deters corruption. Requests for information by citizens have been embedded in 22
legislation in a number of countries through the enactment and coming into force of the 23
Freedom of Information Act. 24
25
2.5.1.2 Code of Ethics 26
Every public institution should be equipped with a code of ethics. 27
40 United Nations Guide for Anti-corruption Policies. www.unodc.org/pdf/crime/corruption/UN_Guide.pdf
Page 29 of 54
A code of ethics is a set of conventional principles binding any person, from managerial to 1
official level, to properly behave in accordance with stakeholders' expectation41. 2
Code of ethics is a moral guidance to be obeyed by all management and staff in an 3
organization to maintain individual and organization credibility. At the minimum, a code of 4
ethics should set out: 5
Core values of an institution, covering integrity, independence, objectivity, impartiality, 6
confidentiality, and competence. 7
Obligation of the institution's management and employees to meet the core values. 8
9
Every public institution should disseminate the code of ethics as an integrated part of 10
corruption prevention. 11
Effective corruption prevention could be achieved if all management and staff understand the 12
institution’s code of conduct properly. A good understanding of an institution’s code of ethics 13
can be achieved through a regular and effective dissemination of the code to every level of the 14
organization. 15
Usually, a new employee is equipped with a complete set of company guidelines including the 16
code of ethics. However, without any proper explanation on the substance of the code of 17
ethics, the new employee would not get a comprehensive understanding and he/she may not 18
practice it properly in daily business. 19
20
Every public institution should establish an appropriate way to monitor the 21
implementation of its code of ethics. 22
A specific unit or committee is established to ensure that the code of ethics is utilized properly 23
and to impose punishment to the violation of the code of ethics, e.g. Ethics Committee. 24
If a public institution and/or SAI establishes a committee, its members should consist of 25
representatives of top management, legal division, internal auditor division and independent 26
party. 27
41 ISSAI 30, Code of Ethics,
Page 30 of 54
1
Every public institution should review its code of ethics periodically. 2
A code of ethics is strict in nature but should be dynamic and follows any changes in business 3
practice and related regulations. The code of ethics should be reviewed on a frequent and 4
regular basis (e.g. every five years) or as required by significant circumstances, depending on 5
the serving term of top management. 6
There are few questions in relation to the code of ethics that should be asked by the auditor 7
including: 8
Does the organization have a code of ethics? 9
What is stipulated in the code of ethics? 10
Does the code of ethics set out core values of an organization, such as integrity, 11
independence, objectivity, impartiality, confidentiality and competence? 12
Does the code of ethics set out obligations of the organization’s management and staff to 13
meet the core values? 14
Examples of core values in an organization are objectivity, integrity and professionalism. Thus, 15
the code of ethics reflects the following: 16
observation of professional oath and pledge 17
acting neutrally and impartially 18
avoiding any conflict of interests 19
acting firmly in implementing principles, norms and decisions 20
acting firmly in expressing and/or conducting anything required based on their consideration 21
and conviction 22
acting in good faith by maintaining confidentiality 23
avoiding receiving undue advantages 24
avoiding the use of state confidential information which becomes disclosed due to their 25
positions or function for personal, group, or other party interests 26
avoiding to perform actions beyond their scope of duties and authorities 27
28
Page 31 of 54
2.5.1.3 Appropriate Human Resources (HR) - Management 1
Besides an appropriate framework of standards and regulations, human resource management 2
is an important aspect in the prevention of corruption. 3
In this context the following elements have to be considered: 4
Merit-based human resources management 5
Training 6
Job rotation 7
Merit-Based Human Resources Management 8
Merit-based human resources management is a key element in fighting against corruption. To 9
prevent the undue influence of public sector human resources management processes, 10
selection and promotion criteria and procedures need to be fair, predefined and clearly 11
documented, so that the margin of discretion and arbitration is limited. Appeal structures and 12
mechanisms also need to be in place to ensure effective remediation. Effective human 13
resource management can reduce potential risks and control weaknesses through the 14
appointment of competent staff to implement procedures and controls. This includes also the 15
payment of adequate and fair remuneration to all civil servants so that they may not become 16
involved in corruption. 17
Personnel for areas that are especially vulnerable to corruption must be recruited with special 18
diligence. For executive or management positions the need for completing anti-corruption 19
trainings should be a prerequisite for appointment, promotion and succession. 20
Training 21
Every public institution should organize a training program to enhance employee's awareness 22
on the danger of corruption. The training program is required to accelerate the understanding 23
of the danger of corruption, thus enhancing the corruption prevention efforts. The training 24
should be repeated periodically and should cover the need and rank of the specific position. 25
Newly hired staff shall undergo a specific anti-corruption training to be documented in the 26
personal file. Efforts should be made by the organization to ensure a clear understanding of 27
the code and its principles has been achieved by staff after training. 28
Job Rotation 29
Page 32 of 54
Job rotation is a job design technique that systematically assigns employees to various jobs 1
and departments over a period of a few years. The objective is to expose employees to 2
different experiences and wider variety of skills to enhance job satisfaction and to cross-train 3
them. In addition to being a learning mechanism, job rotation can also be used as a tool to 4
prevent corruption. However, there are both positive and negative effects involved in job 5
rotation that need to be taken into due consideration when the decision to utilize this technique 6
is made. 7
Positive effect of job rotation: 8
Job rotation is an aspect of successful work environment that is often ignored by employers. 9
Job rotation can provide tremendous benefits to both employees and employers alike, 10
including in the following area: 11
Increase employee knowledge: Rotating jobs enable employees to learn different aspects of 12
the job, to gain a wider spectrum of their studies and to experience how to perform their jobs 13
at their best. Hence, they have the opportunity to learn necessary skills which can help them to 14
advance within the organization. This may also boost their morale and self-efficacy. Apart 15
from that, having several employees who are knowledgeable about different tasks can be of 16
merit as if one employee decides to leave, the other can take his/her place without too much 17
effort needed. 18
Key staff: Employers often have difficulty trying to hire for key positions or hard-to-find 19
skills. Job rotation solves this by offering internal set of employee skills that can often be 20
helpful in other positions in addition to an employee’s current ones. Hence, the organization 21
can run more efficiently, and as a result, become more productive and profitable. 22
Cost savings: Job rotation seems to be costly, yet in reality hiring someone who is completely 23
new to a position will require additional training. 24
Develop career: Job rotation can be seen as a means to develop an employee’s career and 25
move him laterally. Whatever the move is, it can be advised as a promotion or advancement 26
along the career path to a new position which requires further knowledge in different 27
departments or organization activities. 28
Minimize corruption: Instead of having a few employees undertaking activities that have a 29
high risk of corruption, more employees can be trained to also undertake those activities thus 30
the risk of corruption may be reduced, especially when combined with job rotation allocation 31
of tasks. 32
Page 33 of 54
Negative effects of job rotation: 1
There are some negative attributes associated with job rotation. Some positions within an 2
organization may not be eligible for rotation due to the need for special expertise. These 3
positions may not fit the profile for rotation opportunities because of rules and regulations on 4
competency and also costs involved to train the workers. Another problem faced by 5
organizations is the possibility of having to compensate staff for cooperation with job rotation 6
implementation, since this can lead to wage inequality. Utilization of job rotation may have 7
the effect of reducing a workforce because of the cross-training involved; an organization may 8
not need to hire additional staff to cover positions and may possibly lay-off current employees 9
no longer considered necessary. Finally, job rotation could lead to improper behaviors 10
including corruption especially if an employee wants to avoid such rotation. 11
Job rotation as a tool for fighting corruption: 12
The decision to utilize job rotation needs to be thoroughly evaluated based not only on the 13
positive but also negative aspects an organization may face. More importantly, the 14
organization should also evaluate the risk of corruption associated with the task. Although top 15
management may have a conception of what corruption is, the image may differ from 16
executive to executive and may, indeed, differ widely in respect of the true nature of 17
corruption. In order to adopt a job rotation policy to fight corruption within the organization, a 18
full corruption risk assessment is required to identify the specific opportunities a given set of 19
operations. Only then can a system of internal controls related to job rotation be designed to 20
address those specific risks. Even then, corruption can never be truly eliminated but they can 21
provide reasonable assurance that not only instances of corruption but also waste and general 22
misuse of resources can be reduced. 23
Red flags are early warning indicators that the risk of corruption in a particular area is either 24
higher than is normally tolerable or has increased over a period of time. Identifying activities 25
and jobs that are especially at risk in relation to corruption is important. The need for job 26
rotation should be considered when certain employee behavior is observed, including the 27
following: 28
Employee maintains a very close relationship with vendors or customers 29
Employee accessibly dominates and controls a particular process 30
Employee refuses a promotion 31
Page 34 of 54
Employee refuses to take vacation time 1
Employee works unnecessary overtime 2
Productivity decreases and signs of dissatisfaction at work increases 3
Mood changes and irritability increases 4
Borrowing money from co-workers 5
Rewriting records for neatness 6
Sudden increase in the visibility of material possessions without a reasonable cause 7
Apparent increase in absenteeism 8
Dislike of oversight 9
Destroying work-related information 10
Implementation of job rotation: 11
The policy of job rotation varies between entities. For example, in one INTOSAI member 12
country, the heads of the regional departments of federal bodies and their deputies responsible 13
for control and supervisory functions will be subject to job rotation. In April 2010, the 14
government adopted measures aimed at implementing a job rotation mechanism for public 15
servants. The need for job rotation as an anti-corruption measure is also required by law in 16
regards to the federal public service within this country. The term of service for the heads of 17
regional departments and their deputies will last three to five years. All the decisions on their 18
job rotation will be made by the president or the government. The job rotation for public 19
servants is also mentioned in the United Nations Convention against Corruption (UNCAC) 20
adopted in 2003. This member country had previously ratified this legally binding 21
international anti-corruption instrument that obliges the signatories to implement a range of 22
anti-corruption measures affecting their state’s legislation, institutions and practices. 23
In ensuring that job rotation is sufficient and effective, an auditor should take necessary steps 24
to ascertain the existence of control mechanisms. 25
There are few questions in relating to job rotation planning and implementation that should be 26
asked by an auditor including: 27
Does the entity have any policy regarding job rotation? 28
Is its design based on risk analysis? 29
Page 35 of 54
Is the policy being implemented? If not, why? 1
Who makes decisions regarding job rotation? 2
Does he/she have the authority? 3
Who is eligible for job rotation? Why? 4
What action has been taken to ensure that the policy is adhered to in the future? 5
Is the policy being reviewed? 6
How, when and why is rotation to take place? 7
How much time does it take to choose the right candidate? 8
Are the right people being notified? 9
10
2.5.1.4 Internal control 11
Internal control is broadly defined as a process, affected by an organization's board of 12
directors, management and other personnel, designed to provide reasonable assurance 13
regarding the achievement of objectives in the following categories: effectiveness and 14
efficiency of operations, reliability of financial and non-financial reporting and compliance 15
with applicable laws and regulations. 16
Internal control is also the process designed to ensure reliable financial reporting, effective 17
and efficient operations, and compliance with applicable laws in order to safeguard 18
organization assets against theft and unauthorized use, acquisition or disposal42. 19
In addition, internal controls include a training program of analyzing and preparing reports for 20
different administrative levels which enable the executives to conduct internal control in 21
various activities particularly in large organizations. 22
Examples of internal controls are: 23
Segregation of duties 24
Multiple eye principle 25
42 Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013.
Page 36 of 54
Supervision 1
Transparent decision-making processes 2
Need to know principle 3
Informatıon Technology Control Actıvıtıes 4
“There are several keys to effective corruption prevention, but some of the most important 5
tools in the institution or organization toolbox are strong internal controls”43.The focus of this 6
part is on strengthening the role of internal control in corruption prevention (additional 7
information on internal control is provided by INTOSAI GOV 9100). 8
The following case studies illustrate some weaknesses in internal controls: 9
Case study 1: 10
In 2010, a contractor was bidding for a highway construction tender by a Ministry of the 11
Federal Government. On the day before the tender result was to be announced, the contractor 12
received an email sent from an unknown webmail account soliciting a bribe amounting to a 13
percentage of the project value to guarantee the contractor would win the project. The 14
contractor did not respond and the tender was awarded to another party. 15
The initial complaint of the contractor was investigated for what evidence could be obtained 16
and the results forwarded to the Ministry. The resulting investigation revealed a number of 17
contributing factors, in what proved to be tender rigging by an employee of the Ministry who 18
was ultimately convicted of the offence by the courts, which would have thrown up red flags 19
of potential corruption. The perpetrator was in charge of a number of functions in the ministry 20
and this was due to a lack of delimitation of duties. 21
22
23
Case study 2: 24
43 Fraud prevention: Improving internal controls, By Daniel Draz, M.S., CFE, March 2011. www.csoonline.com
http://www.csoonline.com/article/678375/fraud-prevention-improving-internal-controls-
Page 37 of 54
Information was provided to the Chief Executive Officer by a whistleblower that two 1
employees in charge of its workshop were receiving kickbacks from a transport contractor. 2
The investigation uncovered information that indicated payments were made by the contractor 3
to workshop employees. In addition, it was determined that the Contractor was overcharging 4
the organization and numerous other suspected frauds perpetrated on the organization by the 5
two employees were discovered. It was revealed that one of the two individuals involved was 6
responsible for commissioning work from the contractor, preparing material orders to be 7
signed by the project managers in charge of budget and often signed invoices as well. This 8
shows that there was no delimitation of duties in this organization. 9
Case study 3: 10
An organization often received complaints about overcharging of prices by a supplier. An 11
investigation was carried out on suspected overcharging by a supplier providing services 12
under contract. The investigation began as a data review for duplicate payments, and when a 13
number of events were detected, the investigation was widened. Further anomalies were 14
detected including progress payments processed without adequate justification or a milestone 15
associated with the payment not having been reached. Payments or invoices that could not be 16
linked to any particular work were also found. A review of the relationship with the vendor 17
indicated a sudden increase in volume of work three years before. It was found that tender 18
documents were written to favor the vendor by the individuals that recommended the vendor. 19
This occurred in this organization due to no delimitation of duties. 20
Knowing where to look for areas vulnerable to corruption and what specific signs or red flags 21
to look for is an important starting point for managing the risks of corruption. After these are 22
identified, policies can be developed and implemented to prevent corruption. Such policies 23
should accommodate an accurate risk profile for an organization, as well as provide for 24
training and awareness programs that target the risk points, encourage the effective 25
delimitation of duties and involve targeted surprise audits to detect acts of corruption. 26
The following case studies illustrate some of the signs of weaknesses in supervisory controls: 27
Case study 1: 28
In a government organization it was reported that an executive officer of a regional 29
development board had engaged in corrupt conduct. He had illegally obtained public funds 30
and used them for the benefit of himself and his family. 31
Page 38 of 54
The man was a middle-ranking public official of long standing on a modest salary, working in 1
a location away from the head office of his organization. Reporting lines were ambiguous or 2
not properly understood or applied by the relevant managers. He reported to a regional office 3
but on an ad hoc basis and mostly via telephone, which was not adequately recorded on files. 4
This lack of supervision meant that he was able to exercise a high level of discretion. 5
Another risk factor identified in the investigation was the apparent lack of direction by senior 6
management and the lack of performance management. Remote officials were expected to 7
define, create and manage their own work program with minimal reference to the head office 8
and little or no supervision. 9
It was recommended that: 10
appropriate management, performance management, accountability and reporting controls 11
be placed on small, remote offices and that internal audit programs pay particular attention 12
to their program management and expenditures and 13
adequate access be provided to employees in regional and remote offices to incorporate 14
training, including training in ethical standards and codes of conduct. 15
Case study 2: 16
In a training institute under the Ministry of Youth and Sports, a procurement contract was 17
signed with a contractor to supply certain tools for the specific programs conducted at the 18
training institute. However, the auditor found that there were significant differences in price 19
quoted in the supplier’s contracts when compared with the prices of the same tools that were 20
being supplied by different suppliers to the same institution. In this case, exorbitant prices 21
were charged for tools, digital cameras and other items. 22
The underlying cause was attributed to the absence of supervision by the head of the training 23
institute. Adequate supervision is essential in operations such as those related to contracts. It 24
was found that monitoring the operation of the contract is the key to ensuring that suppliers 25
meet the terms and conditions of the contract for price, standards, and delivery. 26
Case study 3: 27
The Anti-Corruption Agency has arrested an engineer with a Municipal Council and a 28
contractor for alleged graft involving $47,100. The contractor was arrested for allegedly 29
providing false information when making his claim for the construction of a retaining wall. 30
The engineer was arrested as he was alleged to have abetted the contractor. It was found that 31
Page 39 of 54
the contractor had submitted a claim for $88,100 as the cost of construction for the retaining 1
wall when in fact the cost was only $41,000. Both were being investigated and charged in the 2
court. 3
Auditors found during their review that the contractor allowed unsupervised modification 4
without any documentary support and verification by superiors. Auditors also identified 5
supervision, as well as lack of training as an internal control weakness. 6
2.5.1.5 Use of e-government 7
E-government may also be used as a specific corruption measure as the use of IT 8
depersonalizes and standardizes the provision of services, requires that rules and procedures 9
be standardized and made explicit for IT systems to function effectively and makes it possible 10
to track decisions and actions. All these serve as a deterrent to corruption. 11
12
2.5.2. Detection of Corruption 13
Managers have the task to continually monitor their operations and take prompt, responsive 14
action on all findings of irregular, uneconomical, inefficient, and ineffective operations. 15
Monitoring operations is very important to ensure that controls are achieving the desired 16
results. Often it was found that without the necessary understanding and monitoring, it is more 17
convenient for people not to follow established control practices. In some cases, instances of 18
weak internal controls are identified and reported, management responds to the points raised 19
and early corrective action is normally taken. 20
The followıng examples of ınstruments for the detectıon of corruptıon can be considered: 21
22
2.5.2.1 Whistleblowing Mechanism 23
A whistleblowing mechanism is a formal means of communication established by the 24
institution so that public officials and any interested third party may provide information about 25
possible corrupt actions or transgressions that have happened in the past or are currently 26
happening. 27
This mechanism may be comprised of letter-boxes, telephone lines, emails or websites 28
designed to receive the above mentioned denunciations. 29
Whistleblowing mechanisms are a fundamental means of preventing, detecting and deterring 30
corrupt actions, integrity breaches and inappropriate behavior. 31
Page 40 of 54
Specialized studies have pointed out that whistleblowing mechanisms have traditionally been 1
the most effective way to discover corrupt actions, frauds and other irregular behaviors, 2
surpassing by far other corruption controls such as external and internal audits and 3
management verifications. 4
These mechanisms are also important dissuasive elements as they convey the message that 5
actions opposed to the integrity policy may be easily reported and taken care of. 6
Likewise, when such a mechanism is adequately tailored to the institution’s needs and 7
implemented, it significantly reduces the amount of actual corruption that takes place and the 8
amount of losses the institution faces due to earlier detection. 9
The correct implementation of a whistleblowing mechanism requires, among other things, that 10
the policy is properly communicated within the institution at every level and with interested 11
third parties. The policy should also ensure that whistleblowers can inform about irregularities 12
in an anonymous, confidential and consequence-free fashion. 13
The mechanism must include a tracking system that records the reports and that ensures that 14
reports are followed up on appropriately. The institution’s anti-corruption unit, or an 15
equivalent, should supervise the effectiveness of compliance with the mechanism. 16
Senior management must periodically promote that any suspicious activity is reported in a 17
timely manner and emphasize the anonymity of the whistleblowers and the lack of reprisals 18
for them. 19
The institute of internal auditors provides a framework of worldwide professional practices 20
which may also be taken into account by the auditors evaluating the corruption prevention 21
system44. 22
2.5.2.2 Internal audit 23
Internal audit is an important tool to detect corrupt practices and can be usually divided into: 24
Administrative (operational) audit that includes: 25
assessing and testing administrative activities and management results; 26
evaluating and examining processes of the entity and 27
44 https://na.theiia.org/Pages/IIAHome.aspx
Page 41 of 54
evaluating the efficiency of utilizing human and material resources, and 1
developing recommendations for improvement. 2
3
Financial audit focuses on determining whether an entity’s financial information is 4
presented in accordance with the applicable financial reporting and regulatory 5
framework45, including: 6
tracking accounting entries by performing documentary and arithmetic tests; 7
ascertaining the integrity and compatibility of systems, regulations, and 8
generally accepted accounting principles; 9
ensuring the presence of safeguards for the assets against embezzlement, fraud, 10
and abuse and 11
testing and assessing the strength, reliability,and efficiency of internal controls. 12
13
SAI auditors are expected to ask at least the following questions about internal audits, 14
including whether the internal auditors: 15
perform their duties honestly, diligently and responsibly? 16
observe the implementation of financial laws and expect to detect wrongdoings by 17
doing so? 18
respect and promote the legal and ethical objectives of their institution? 19
take part in any activities that may undermine their impartial judgements? 20
accept any material benefits that may undermine their professional judgement? 21
disclose all material findings detected in the course of their work? 22
safeguard information obtained in the course of their work according to the principle of 23
confidentiality? 24
perform their duties with due care and diligence according to the standards of the 25
profession? 26
45 ISSAI 200 - Fundamental Principles of Financial Auditing. http://www.issai.org/media/69910/issai-200-english.pdf
Page 42 of 54
consistently enhance and develop their efficiency and effectiveness in performing their 1
duties? 2
3
2.5.3 Reaction to corruption 4
Every organization should ensure that corrupt or fraudulent misconduct is subject to 5
appropriate response or reaction by management. This includes measures established by 6
criminal law, disciplinary law, labor law or private law. Corruption cases should be analyzed 7
and, where necessary, should be a reason for the revision of the corruption prevention 8
measures. 9
Corruption response refers to a plan of action that is put in place when a suspected corrupt behavior 10
is discovered or reported. The purpose of this plan is to define the responsibilities for actions, such 11
as: 12
Examining corruption cases and taking appropriate action, 13
Securing evidence for disciplinary and/or criminal action, 14
Preventing further loss, 15
Recovering losses, 16
Establishing lines of communication with the relevant law enforcement organizations, 17
Reviewing internal controls following a corruption case, and 18
Corruption reporting arrangements. 19
Once a suspected corruption case has been reported or identified, an assessment of the situation 20
should be made. Consideration should be given to the following factors: 21
The source of discovery of the suspected corruption, 22
The authenticity of the information initially received; and 23
Line management’s initial assessment of the circumstances involved. 24
The purpose of an assessment is to allow a decision to be made on the appropriate action to be 25
taken. This could include: 26
Whether or not the matter should be reported to the relevant law enforcement organizations, 27
Whether or not the matter requires reporting to the State Audit Institution or any other 28
external organization, 29
Whether or not a formal internal investigation is required, 30
Who should conduct an internal investigation, 31
Page 43 of 54
Whether or not action needs to be taken to secure the organization’s assets, resources or 1
information. 2
Suspected corruption should be reported to the relevant law enforcement organizations where there 3
is the likelihood that criminal activity has taken place. If the suspected corruptıve or fraudulent 4
activity is considered to be of this nature and the matter is reported to the relevant law enforcement 5
organizations, no attempt must be made by the organization’s personnel to question the employee(s) 6
or third parties involved as this could prejudice future investigations and subsequent prosecutions of 7
relevant law enforcement organizations. 8
Investigations may involve people from the organization itself, such as internal auditors or finance 9
managers, or may involve external parties who have particular skills and are engaged specifically to 10
assist the investigation. 11
The decision will depend on the circumstances and the relevant expertise required. In any event, the 12
person chosen must have the appropriate qualifications and experience to carry out an investigation. 13
In some cases it may be necessary to take action to secure assets and preserve information. Such 14
actions could include: 15
Directing the Head of Human Resources to stand down or suspend from work the suspected 16
employee(s), pending the outcome of any investigation, 17
Securing the suspect’s work station and documentation and making it inaccessible to the 18
suspect and any other unauthorized employees, 19
Directing the Head of Information Technology to ensure that information contained on PCs, 20
laptops or on the organization’s network relating to corruption cannot be accessed, 21
destroyed or corrupted, 22
If an external contractor/supplier/consultant is suspected, directing the Head of Finance to 23
immediately suspend any payments due, and 24
Physically securing cash, assets or other material that may be at risk. 25
As part of the examination, the actual amount of any loss will be quantified to the extent possible. 26
Repayment of losses caused by any corrupt, fraudulent or unethical activity should be sought in all 27
cases. This includes an assessment of the costs versus the benefits. Where the loss is substantial, 28
legal advice should be obtained about the possibility of freezing the suspect’s assets through the 29
court, pending conclusion of the investigation. Legal advice may also be obtained about prospects 30
for recovering losses through the civil court, if the person involved refuses to make repayment. 31
A critical outcome of a corruption investigation is the identification of the control failures that 32
allowed the corruption to occur. In each instance where a corrupt activity is detected a review 33
Page 44 of 54
should be undertaken to assess the adequacy of the organization’s internal controls and determine 1
what action needs to be taken. 2
Irrespective of whether the investigation is internal or external, proper records should be maintained 3
for all investigations. This includes for the investigation itself and any consequent disciplinary 4
proceedings and changes to internal control arrangements. 5
Once an investigation is concluded, the results should be reported to the Board or Audit Committee, 6
and the Head of Internal Audit. An annual report on corruption may also be presented detailing: 7
All instances of corruption reported against the organization, 8
The outcome of internal corruption investigations, 9
The status of cases of corruption referred to external organizations for investigation, 10
The results of any completed prosecutions or administrative actions, and 11
Internal control modifications made subsequent to any corruption. 12
13
2.6 Communication - Reporting 14
2.6.1 Reporting to institutions outside the auditee’s body (SAI, parliament, IG, prosecutors) 15
Information is necessary for an institution to perform its corruption prevention responsibilities 16
and to carry out its activities in a way that contribute to the accomplishment of goals and 17
objectives and within an effective and transparent environment. 18
Likewise, when communication flows internally and externally, it gives public officers the 19
necessary information to execute anticorruption activities on a daily basis and it enables them 20
to understand the individual shares of responsibility on the achievement of institutional 21
integrity goals and objectives, the fulfillment of legal obligations and avoiding the misuse or 22
waste of resources. 23
24
Page 45 of 54
1
2
Fig. 3: Internal and external Communication Flows, SAI of Mexico 3
4
2.6.2 Gathering and disseminating information from internal and external sources 5
The information coming from internal and external units is gathered and analyzed 6
continuously while institutions carry out their duties and make decisions regarding the general 7
functioning of the institution and specific activities of each area. 8
It is essential that the institution implements adequate mechanisms throughout this process to 9
identify and communicate within the organizational structure information relevant to integrity 10
safeguarding. 11
The anticorruption unit or its institutional equivalent must assure that the relevant and 12
pertinent information produced internally reaches the senior management and the head of the 13
institution in a timely manner. 14
As a supporting feature, this unit should also monitor for any external information that may be 15
relevant to the institution meeting its integrity goals and objectives and share this information 16
Page 46 of 54
with senior management and the head of the institution. Such information can include: audit 1
findings, legal changes that affect the institution’s operations or the issuing of new guidelines, 2
operation rules or general programs related to the entity. 3
The institution will have a better chance of being effective and efficient about its integrity 4
tasks and responsibilities if it is effective in identifying, gathering and delivering relevant 5
information to the adequate public officials, in the correct way and at the right time. 6
As to mid-level management, they should receive analytical information to help them identify 7
specific actions to perform in order to promote integrity and avoid corruption in their areas of 8
responsibility. The degree of detail of this information will depend on the directive level. 9
The information presented has to be clear, simple, synthesized and it has to be at hand for an 10
effective follow-up on vulnerable events, activities and operations that enhances prompt 11
responses. 12
Summing up, all public officials must receive, according to their authority level and their 13
degree of responsibility towards the institutional integrity, information that helps them 14
determine if anti-corruption strategic objectives are being met, if the annual development 15
plans on the topic are being followed and if the institutional goals on transparency, legality 16
and accountability are being achieved. 17
18
2.6.3 Communications 19
Communication is the continuous process of providing, exchanging and obtaining information 20
that an institution performs to support the gathering and dissemination of relevant information, 21
which protects it against corruption and helps safeguard its integrity. Internal communication 22
is the means to transmit and spread information throughout the whole institution. 23
Such information enables public servants to receive from the head of the institution and senior 24
management a clear message stating that the anti-corruption, internal control and integrity 25
enhancing responsibilities should be taken seriously. 26
External communication goes both ways: on one hand it provides institutions with external 27
information related to its values and principles and, at the same time, it is the channel whereby 28
the entity delivers information to external parties in response to its needs, expectations and 29
institutional integrity criteria. 30
Page 47 of 54
In this way, communication with other public institutions, providers, media, citizenry and 1
other stakeholders allows the institution to gather and deliver information to develop and 2
better address the mission, goals, objectives and integrity risks that the institution faces. 3
Even though there are multiple ways and means available for institutions, each organization 4
should establish those that are most suitable according to its mandate and duties. 5
6
2.6.4 Written plan on institutional communication 7
Communication methods within institutions include handbooks, guidelines, directives, 8
policies, procedures, reports, memos, statistical reports, notifications, notice boards, websites, 9
intranet, recorded messages and videos, email and speeches, among others. 10
These methods should ensure the quality of the information in terms of integrity, reliability, 11
completeness, precision and pertinence; the release of unreliable or mistaken information 12
affects the institution’s image and increases the possibility of corruption materialization. 13
Thus, institutions need to develop, administer and test their information systems and trace a 14
continuous improvement plan to guarantee the effectiveness and reliability of the information 15
it conveys. 16
The operation of information and communication systems is to be based on a plan whose 17
goals and objectives are related to the institutional strategic plan, ensuring the existence of 18
mechanisms to identify the upcoming information needs. 19
Also, as part of the information management process, the institution should control, analyze, 20
evaluate and improve their technological infrastructure in order to increase its response ability 21
to its users. 22
The head of the institution and senior management have to supervise periodically by proper 23
mechanisms, the quality of the produced and transmitted information according to the 24
directives contained in the information systems continuous improvement plan. These actions 25
should take into consideration factors such as the precision and exactness of the contents, as 26
well as relevance and accessibility of data. 27
It should be pointed out that the information that institutions convey to external parties is 28
usually governed by legal obligations relative to transparency, accountability and information 29
access. As so, the data gathered by the government institutions is public; public officials do 30
not hold exclusivity rights over it and it must be available to petitioners. 31
Page 48 of 54
Every institution is to analyze its information access obligations and set up the communication 1
mechanisms it will use to spread and deliver data according to the applicable legal provisions. 2
3
2.6.5 Effective internal communication 4
Effective internal communication is a central element for ensuring that integrity rules and 5
directives are applied in a timely manner and adequately because it is necessary to spread the 6
above mentioned message of the head of the institution about the seriousness of the 7
anticorruption responsibilities. Hence, government institutions have to set up mechanisms that 8
facilitate the vertical, horizontal and transversal flow of information within the entity so as to 9
promote a dynamic, simple and prompt communication between the different authority lines. 10
Public officials must be clearly informed about their specific tasks through formal 11
mechanisms so that they identify their responsibilities regarding integrity safeguarding and the 12
way in which their work is interconnected with the one of other public servants and third 13
parties. This helps prevent and deter possible corrupt activities. 14
Further, communication on integrity issues should include letting the public officials know 15
that, if they discover the lack of enforcement of an existing control, not only are they to 16
analyze and register the incident, but also the underlying causes that led to it in order to be 17
able to correct the structural weaknesses of anticorruption controls. 18
There are cases in which some areas of the institution are temporarily or periodically located 19
on distant geographic places. If so, the entity must carry out special efforts to assure a constant 20
communication between senior management and all operative executives and regional 21
programs is properly established. 22
Such interaction should create a synergy that contributes to ensuring that all public officials, 23
regardless of the place they are, are working towards the same goals and objectives and that 24
every area is aware of each other’s integrity indicators and anticorruption directives. 25
The institution must establish adequate mechanisms for officials to communicate relevant and 26
pertinent integrity information to higher hierarchical levels without depending on his direct 27
supervisor. In turn, the head of the institution and senior management must show a true will to 28
listen. 29
Page 49 of 54
A common practice to achieving this goal is the implementation of websites or emails, 1
telephones or letter-boxes. All received cases have to be registered and properly and promptly 2
followed up under clearly defined authority lines. 3
As mentioned above, staff must be sure that no reprisals will be brought for informing about 4
possible corrupt acts or violations to the integrity policy. Otherwise, the effectiveness of the 5
whistleblowing mechanism will be seriously diminished. 6
As a supplementary activity to the channels for communicating irregularities, institutions 7
design mechanisms to let the public officials and third stakeholders to suggest improvements 8
to the entity’s operations, such as letter-boxes, emails or hotlines. 9
Finally, codes of ethics and conduct perform an important role as internal communication 10
methods that disseminate knowledge about the conducts that are acceptable and those that are 11
not, as well as the consequences of an inadequate conduct. 12
13
2.6.6 Effective external communication 14
In order to mitigate possible corruption from external parties it is important that entities 15
establish effective communication with all entities that might have an impact on the integrity 16
of its activities, programs, projects, operations and other institutional activities. 17
Therefore, institutions must implement formal communication channels with other public 18
entities, providers, contractors, consultants, citizenry and other interest groups that could 19
contribute on the quality and design of the functions, products and services offered by the 20
institution, according to its mandate and responsibilities. 21
The extended use of social networks and technological development contribute to the 22
implementation of these kinds of practices. Regardless of the means by which information is 23
obtained from external sources, it should be processed and documented formally and it must 24
be continuously monitored in a way that assures its effectiveness and efficiency. 25
Likewise, it is important that the institution guarantees that every external party with whom it 26
communicates is informed of the ethical rules that govern the entity’s actions and that it 27
conveys the message that improper actions, such as the filing of inaccurate bills or the attempt 28
to bribe a public official, among other, will be detected and sanctioned. 29
The infrastructure that handles communications varies among entities according to their 30
nature, size and mandate. However, every public institution should ensure that its 31
Page 50 of 54
communications comply with the best practices through clear policies and programs that are 1
adequate in terms of cost-benefit evaluations. 2
3
2.6.7 Report issuing 4
Communication activities involve issuing institutional reports (such as budgetary, financial, 5
operational and programmatic reports) of proper quality, content and scope and that are 6
compiled under the supervision of the head of the institution, senior management and any 7
personnel designated with this responsibility. 8
In order for reports to support the institution’s values, the head of the institution and senior 9
management must establish adequate mechanisms by which to incorporate key principles, 10
such as data reliability, in order to eliminate the possibility of presenting inexact data and 11
issuing reports of low quality (for example, having an insufficient scope or overly complex 12
presentation). 13
Similarly, reports shouldn’t overestimate or underestimate events and numbers that affect the 14
knowledge about the position of an entity. Hence, the institution must formally establish and 15
document a policy for issuing reports, which has to include specific procedures for each of the 16
different steps: the gathering of information, the verification of the data, the testing of the 17
pertinence and integrity of the information, the final validation by the competent authorities, 18
and the final release of the document. 19
Since there must be logic and adequate mechanisms to generate the reports, the head of the 20
institution and the senior management, in their respective area of responsibility, must disclose 21
all data about the exercise of resources, budgets, and financial statements that is required to 22
properly understand the position of the entity. Through those activities, the entity enhances 23
transparency and accountability, according to the pertinent legal norms. 24
Due to the importance of issuing reports that precisely reflect the status of the institutional 25
operations and the progress towards the achievement of objectives, it is essential that the head 26
of the institution and the senior management establish internal responsibilities in a proper and 27
clear way. In this way, the information and the authorization procedures can be effectively 28
allocated among public servants at distinct levels of responsibility. 29
Page 51 of 54
Likewise, the policy to issue reports must establish that the information is available to senior 1
management; it must specify the information requirements to allow a proper performance, and 2
it must exactly define the degree of accomplishment of responsibilities. 3
Staff involved in developing and issuing reports should clearly understand the report process, 4
including the delegation of responsibilities and levels of review, in order to avoid any 5
duplication of efforts, contradictory instructions and confusion among members of the 6
institution. 7
Within the process of creating reports, there are usually risks due to the disconnection between 8
operational and managerial activities. However, the policy for issuing reports should establish 9
a structure of relationships that promote effective communication between senior, middle and 10
operational management. 11
12
2.7 Monitoring and modification 13
2.7.1 Permanent monitoring process 14
Even if the corruption preventıon system is adequate and there are not serious corrupt or anti-15
integrity cases, the entities have to remain alert and establish continuous monitoring activities. 16
The head of the organization and senior management must establish a strategy to guarantee that a 17
continuous monitoring process is present and effective, and that it allows for independent 18
evaluations when deficiencies are detected. Effective monitoring and evaluation should focus on 19
measuring outcomes and progress toward the achievement of objectives, rather than simply 20
reviewing outputs and progress in implementing control activities. 21
There are different sorts of assessments that the entity can execute for specific aspects, such as 22
design, implementation and impact assessments. 23
The design evaluation contributes to determine the viability of the corruption preventıon system, 24
and to estimate the possibilities of success. It is done before the implementation of controls and it 25
involves the analysis of the measurement methods according to the specific problem that is to be 26
solved and the resources that the entity has. 27
The evaluation of implementation is relevant to determine whether the Program is executed in the 28
best possible way. This assessment is done when the anticorruption controls are being established 29
and it consists in verifying that the public servants are doing the proper actions. 30
The impact evaluation has the purpose of measuring the effects of the system related with its quality 31
and scope. This assessment is done after the implementation of the program, and it involves testing 32
Page 52 of 54
whether a specific situation improved when the Program was applied in comparison to a situation in 1
which the Program was not applied. 2
An independent periodical review is related to specific sections of the internal control system. 3
To determine the scope and frequency of the independent evaluations, the institution must consider 4
the results of the corruption risks assessment. This assessment is usually done inside the entity and 5
it helps to identify the vulnerable areas of the institution. 6
The institution should also carry out independent evaluations after relevant changes in its strategic 7
plans, when there is an increase or decrease of personnel or institutional abilities, or when the 8
information systems related to the use of public resources have changed dramatically. 9
Even in the absence of relevant changes in the activities related to public resources, it is convenient 10
to do independent evaluations frequently of these activities and any other activities vulnerable to 11
corruption. 12
Furthermore, the strategy of continuous monitoring and independent evaluations must be clearly 13
documented and communicated to the institutional staff. The institution must guarantee that those 14
activities of supervision are carried out by personnel with the proper professional and ethical 15
competencies. 16
The conclusions and results of the evaluatıon must be available to the respective public servants, so 17
that they can improve their performance and contribute to the protection of integrity. 18
19
2.7.2 Analysis of lessons learned 20
The results of monitoring and evaluations should be used to improve the design and implementation 21
of corruption risk management activities. The implementation of a corruption preventıon system 22
does not eliminate the existence of corrupt cases and instances. Because no system is perfect, 23
controls can sometimes be avoided and structural weaknesses may not be timely identified. 24
That is why it is required, as a part of the monitorıng activities of the program, to analyses in detail 25
the corruptive acts that have already occurred and to use the results to permanently improve the 26
system. 27
The head of the institution and senior management, in coordination with the anticorruption 28
department and internal auditors, must communicate in order to address specific issues and lessons 29
learned. Through the dynamic feedback of those communications, the entity can detect the 30
structural problems that make corruption possible and, in consequence, it can improve the 31
institutional integrity program, adopt better measures and prevent the recurrence of those problems 32
in the future. 33
Page 53 of 54
As an example, the next questions should be asked so that their responses can contribute to anti-1
corruption efforts and help concentrate institutional resources in a more efficient, effective and 2
economical way46: 3
How did the corrupt or anti-integrity act happen? 4
What controls failed? Why? 5
What controls were avoided? By whom? 6
Why was not the irregular act detected before? 7
Which indicators (red flags) were not seen by the governing bodies, the head of the 8
institution, the senior management and the control units? Why? 9
How can future irregular acts be prevented or how can they be easily detected? 10
Which controls must be reformed? 11
Which processes to safeguard the integrity must be improved? 12
What kind of additional training is required? 13
14
3. Additional aspects 15
3.1 Cooperation with other institutions involved in fighting against corruption 16
Fighting against corruption requires the establishment of institutions with specific capacities to 17
perform actions for preventing and tackling corruption47. Cooperation between institutions involved 18
in the fight against corruption, such as SAIs, organizations or commissions with the mission of 19
corruption prevention, among other entities, is therefore fundamental48. In this sense, it is important 20
for such organisms to strengthen cooperation between them in order to reach better results. 21
22
3.2 Cooperation between Supreme Audit Institutions (SAIs) 23
As corruption is a common phenomenon across different societies, regardless their form of 24
government, the fight against corruption requires the comprehensive commitment of each country’s 25
46 The Institute of Internal Auditors, Practice Guide “Internal Auditing and Fraud”. 47 See United Nations Convention against Corruption and 48 Article 38 United Nations Convention against Corruption, states that State Parties shall take such measures as may be
necessary to encourage, cooperation between, its public authorities, as well as its public officials, and, its authorities
responsible for investigating and prosecuting criminal offences.
Page 54 of 54
institutions in order to build a culture of public ethics, with the active participation of citizens as a 1
whole. 2
In that sense, SAIs have an important role in the fight against corruption and the fulfilment of these 3
responsibilities may benefit from the exchange of knowledge and experiences with one another, as 4
stated in the Lima Declaration49. Based on their experience in prevention, detection and sanctioning 5
corrupt activities, within their respective legislative framework, SAIs may develop common 6
approaches to fight corruptions, exchange good practices and conduct joint interventions50. 7
For this, every SAI may, for example, adopt cooperation agreements to detect acts of corruptions in 8
international public procurement or information exchange. In addition, whenever the legal 9
framework allows it, SAIs may perform joint interventions, such as cooperative audits on those 10
matters51. 11
12
3.3 Appointment of Government agency 13
A Government Agency could also be established to promote good governance and anti-corruption 14
and handle alleged cases of corruption. It could also be responsible to train the business sector and 15
financial institutions in transparency, integrity and other good governance principles. It could also 16
liaise with international institutions in case of international corruption. 17
18
19
20
49 Lima Declaration, article 15 50 Article 43 United Nations Convention against Corruption states that States Parties shall consider assisting each other
in investigations of and proceedings in civil and administrative matters relating to corruption, where appropriate and
consistent with their domestic legal system. 51 In January 2011, the Supreme Audit Office of the Czech Republic (Czech SAI – NKÚ) and the Bundesrechnungshof
of Germany (German SAI – BRH) agreed to conduct parallel audits both of the EU-wide awarding of building contracts
and of corruption prevention. The audit focused on the application of EU procurement law as transposed into national
law and corruption prevention of contracts for building construction and road construction and/or transport. The audit
also covered contract awards below the EU thresholds with a view to corruption prevention. For more references see
http://www.nku.cz/assets/publikace/spolecna-zprava-nku-a-brh-2013_1.pdf
